Defending against Advanced Threats and IPv6 attacks

I was listening to a Cyber Intelligence briefing this morning and several things caught my attention. First of all, advanced threats, like Stuxnet are really scary.

What will Cyber Defense systems look like in the near future when threats can self-replicate, self-heal, avoid detection, are themselves encrypted, use encrypted communication channels, carry several intelligent payloads and can cross from open computer systems into closed, secured systems?

IPv6 was also mentioned several times. The speaker said that the US government wants IPv6 because it encapsulates network packets in a hardened shell so they can’t be read, and that other nations, nations that are not friendly to the US, have already adopted IPv6 and are using it as an attack platform, while the US lags behind in rolling out IPv6.

According to the speaker, an IPv4 defender is at a disadvantage when attacked from an IPv6 network. He said the defender may not be able to trace the attack back to its source, because IPv6 is more secure.

I don’t think these statements are completely accurate. Granted, I am not an IPv6 guru, but from what I have heard, many of the IP-layer vulnerabilities in IPv4 remain in IPv6, and IPv6 has some issues of its own. Toolkits like the thc-ipv6 Toolkit exist that target only IPv6. Sniffing, rogue devices, denial of service and man-in-the-middle attacks are all still possible in IPv6.

The NSA has already stated that it now approaches security from the standpoint that the system has already been compromised. This means the attention shifts to analyzing internal data flows and to network security monitoring.

How much monitoring is needed, and how far will it go? The TSA has already overreacted to terrorist threats by installing invasive full-body scanners in airports. Will this mentality carry over to the electronic world, with everything done online recorded and analyzed for keywords?

Will this include government monitoring of e-mails, social media, and even cloud computing? Rumors abound, and overreaction is not the answer.

So what will Cyber Defense look like in the future? I believe the answer will be a mix of high-speed hardware with offensive capabilities (like RSignia’s products), network security monitoring and analysis, and a united front from the government, the private sector and our allies.